| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Mar 2004 03:51:12 +0000 From: "Hugh Mann" <hughmann@...mail.com> To: exon@...e.se Cc: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com, info@...witch.com, secure@...witch.com Subject: RE: Re: How to crash a harddisk - the Ipswitch WS_FTP Server way >From: exon <exon@...e.se> >This is old news. >It is also RFC compliant behaviour, even though admitted silly. You say this is old news. Can you tell me where this WS_FTP server vulnerability has been published before? I always search google and BugTraq before posting anything to make sure nothing is old news. Perhaps you mean that some FTP servers have been known to be vulnerable to easy creation of arbitrary sized files using REST? So what? How many programs have been vulnerable to buffer overflows? I don't hear people complaining about buffer overflow vulnerabilities being old news. Also, I don't think you fully read my advisory. It says that a user who has a max total file size limit can create arbitrary sized files. That is, the user can create a file much larger than the user is allowed to create. _________________________________________________________________ All the action. All the drama. Get NCAA hoops coverage at MSN Sports by ESPN. http://msn.espn.go.com/index.html?partnersite=espn _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists